Update easy_file_sharing_ftp and add documentation

2017-03-15 16:14:41 -05:00 · 2017-03-15 16:14:41 -05:00 · 8afe6a9061
parent cf8b4a78fa
commit 8afe6a9061
2 changed files with 31 additions and 4 deletions
--- a/documentation/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.md
+++ b/documentation/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.md
@ -0,0 +1,27 @@
+This module exploits a directory traversal vulnerability in Easy File Sharing FTP Server 3.6, or
+prior. It abuses the RETR command in FTP in order to retrieve a file outside the shared directory.
+
+By default, anonymous access is allowed by the FTP server.
+
+## Vulnerable Application
+
+Easy File Sharing FTP Server version 3.6 or prior should be affected. You can download the
+vulnerable application from the official website:
+
+http://www.efssoft.com/efsfs.exe
+
+## Options
+
+Since the FTP server allows anonymous access, by default, you only need to configure:
+
+**RHOSTS**
+
+The FTP server IP address.
+
+**PATH**
+
+The file you wish to download. Assume this path starts from C:\
+
+## Demonstration
+
+![ftp](https://cloud.githubusercontent.com/assets/1170914/23971054/4fdc2b08-099a-11e7-88ea-67a678628e49.gif)
--- a/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb
+++ b/modules/auxiliary/scanner/ftp/easy_file_sharing_ftp.rb
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary

  def initialize(info = {})
    super(update_info(info,
-      'Name'           => 'Easy File Sharing FTP Server Version 3.6 and Earlier Directory Traversal Information Disclosure',
+      'Name'           => 'Easy File Sharing FTP Server 3.6 Directory Traversal',
      'Description'    => %q{
        This module exploits a directory traversal vulnerability found in Easy File Sharing FTP Server Version 3.6 and Earlier.
        This vulnerability allows an attacker to download arbitrary files from the server by crafting
@ -43,7 +43,7 @@ class MetasploitModule < Msf::Auxiliary
    begin
      connect
      if /Easy File Sharing FTP Server/i === banner
-        return Exploit::CheckCode::Appears
+        return Exploit::CheckCode::Detected
      end
    ensure
      disconnect
@ -58,7 +58,7 @@ class MetasploitModule < Msf::Auxiliary
      connect_login
      sock = data_connect
      if sock.nil?
-        error_msg = __FILE__ <<'::'<< __method__.to_s << ':' << 'data_connect failed; posssible invalid response'
+        error_msg = 'data_connect failed; posssible invalid response'
        print_status(error_msg)
        elog(error_msg)
      else
@ -72,7 +72,7 @@ class MetasploitModule < Msf::Auxiliary
        # read the file data from the socket that we opened
        # dont assume theres still a sock to read from. Per #7582
        if sock.nil?
-          error_msg = __FILE__ <<'::'<< __method__.to_s << ':' << 'data_connect failed; posssible invalid response'
+          error_msg = 'data_connect failed; posssible invalid response'
          print_status(error_msg)
          elog(error_msg)
          return